archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/security/csps/cryptoflex/slbcsp/accesstok.cpp

314 lines
8.2 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. // AccessTok.cpp -- Access Token class definition
  3. // (c) Copyright Schlumberger Technology Corp., unpublished work, created
  4. // 1999. This computer program includes Confidential, Proprietary
  5. // Information and is a Trade Secret of Schlumberger Technology Corp. All
  6. // use, disclosure, and/or reproduction is prohibited unless authorized
  7. // in writing. All Rights Reserved.
  8. #include "NoWarning.h"
  9. #include "ForceLib.h"
  11. #include <limits>
  12. #include <memory>
  14. #include <WinError.h>
  16. #include <scuOsExc.h>
  18. #include "Blob.h"
  19. #include "AccessTok.h"
  21. using namespace std;
  22. using namespace scu;
  24. /////////////////////////// LOCAL/HELPER /////////////////////////////////
  26. namespace
  27. {
  28. const char PinPad = '\xFF';
  30. void
  31. DoAuthenticate(HCardContext const &rhcardctx,
  32. SecureArray<BYTE> &rsPin)
  33. {
  34. rhcardctx->Card()->AuthenticateUser(rsPin);
  35. }
  36. }
  38. /////////////////////////// PUBLIC /////////////////////////////////
  40. // Types
  41. // C'tors/D'tors
  42. AccessToken::AccessToken(HCardContext const &rhcardctx,
  43. LoginIdentity const &rlid)
  44. : m_hcardctx(rhcardctx),
  45. m_lid(rlid),
  46. m_hpc(0),
  47. m_sPin()
  48. {
  49. // TO DO: Support Administrator and Manufacturing PINs
  50. switch (m_lid)
  51. {
  52. case User:
  53. break;
  55. case Administrator:
  56. // TO DO: Support authenticating admin (aut 0)
  57. throw scu::OsException(E_NOTIMPL);
  59. case Manufacturer:
  60. // TO DO: Support authenticating manufacturer (aut ?)
  61. throw scu::OsException(E_NOTIMPL);
  63. default:
  64. throw scu::OsException(ERROR_INVALID_PARAMETER);
  65. }
  67. //m_sPin.append(MaxPinLength, '\0');
  68. }
  70. AccessToken::AccessToken(AccessToken const &rhs)
  71. : m_hcardctx(rhs.m_hcardctx),
  72. m_lid(rhs.m_lid),
  73. m_hpc(0), // doesn't commute
  74. m_sPin(rhs.m_sPin)
  75. {}
  77. AccessToken::~AccessToken()
  78. {
  79. try
  80. {
  81. FlushPin();
  82. }
  84. catch (...)
  85. {
  86. }
  87. }
  90. // Operators
  91. // Operations
  92. void
  93. AccessToken::Authenticate()
  94. {
  95. // Only the user pin (CHV) is supported.
  96. DWORD dwError = ERROR_SUCCESS;
  98. SecureArray<BYTE> bPin(MaxPinLength);
  99. DWORD cbPin = bPin.size();
  100. if ((0 == m_hpc) || (0 != m_sPin.length_string()))
  101. {
  102. // The MS pin cache is either uninitialized (empty) or a new
  103. // pin supplied. Authenticate using requested pin, having the MS pin
  104. // cache library update the cache if authentication succeeds.
  105. if (m_sPin.length() > cbPin)
  106. throw scu::OsException(ERROR_BAD_LENGTH);
  107. bPin=m_sPin;
  108. cbPin=bPin.size();
  109. PINCACHE_PINS pcpins = {
  110. cbPin,
  111. bPin.data(),
  112. 0,
  113. 0
  114. };
  116. dwError = PinCacheAdd(&m_hpc, &pcpins, VerifyPin, this);
  117. if (ERROR_SUCCESS != dwError)
  118. {
  119. m_sPin = SecureArray<BYTE>(0);// clear this pin ?
  120. if (Exception())
  121. PropagateException();
  122. else
  123. throw scu::OsException(dwError);
  124. }
  125. }
  126. else
  127. {
  128. // The MS pin cache must already be initialized at this point.
  129. // Retrieve it and authenticate.
  130. dwError = PinCacheQuery(m_hpc, bPin.data(), &cbPin);
  131. if (ERROR_SUCCESS != dwError)
  132. throw scu::OsException(dwError);
  134. SecureArray<BYTE> blbPin(bPin.data(), cbPin);
  135. DoAuthenticate(m_hcardctx, blbPin);
  136. m_sPin = blbPin; // cache in case changing pin
  137. }
  138. }
  140. void
  141. AccessToken::ChangePin(AccessToken const &ratNew)
  142. {
  143. DWORD dwError = ERROR_SUCCESS;
  145. SecureArray<BYTE> bPin(MaxPinLength);
  146. DWORD cbPin = bPin.size();
  147. if (m_sPin.length() > cbPin)
  148. throw scu::OsException(ERROR_BAD_LENGTH);
  149. bPin = m_sPin;
  150. cbPin = bPin.size();
  152. SecureArray<BYTE> bNewPin(MaxPinLength);
  153. DWORD cbNewPin = bNewPin.size();
  154. if (ratNew.m_sPin.length() > cbPin)
  155. throw scu::OsException(ERROR_BAD_LENGTH);
  156. bNewPin = ratNew.m_sPin;
  157. cbNewPin = bNewPin.size();
  159. PINCACHE_PINS pcpins = {
  160. cbPin,
  161. bPin.data(),
  162. cbNewPin,
  163. bNewPin.data()
  164. };
  166. dwError = PinCacheAdd(&m_hpc, &pcpins, ChangeCardPin, this);
  167. if (ERROR_SUCCESS != dwError)
  168. {
  169. if (Exception())
  170. PropagateException();
  171. else
  172. throw scu::OsException(dwError);
  173. }
  175. m_sPin = ratNew.m_sPin; // cache the new pin
  177. }
  179. void
  180. AccessToken::ClearPin()
  181. {
  182. m_sPin = SecureArray<BYTE>(0);
  183. }
  185. void
  186. AccessToken::FlushPin()
  187. {
  188. PinCacheFlush(&m_hpc);
  190. ClearPin();
  191. }
  194. void
  195. AccessToken::Pin(char const *pczPin,
  196. bool fInHex)
  197. {
  198. if (!pczPin)
  199. throw scu::OsException(ERROR_INVALID_PARAMETER);
  201. if (fInHex)
  202. throw scu::OsException(ERROR_INVALID_PARAMETER);
  203. else
  204. m_sPin = SecureArray<BYTE>((BYTE*)pczPin, strlen(pczPin));
  206. if (m_sPin.length() > MaxPinLength)
  207. // clear the existing pin to replace it later with invalid chars
  208. m_sPin = SecureArray<BYTE>();
  210. if (m_sPin.length() < MaxPinLength) // always pad the pin
  211. m_sPin.append(MaxPinLength - m_sPin.length(), PinPad);
  212. }
  214. // Access
  216. HCardContext
  217. AccessToken::CardContext() const
  218. {
  219. return m_hcardctx;
  220. }
  222. LoginIdentity
  223. AccessToken::Identity() const
  224. {
  225. return m_lid;
  226. }
  228. SecureArray<BYTE>
  229. AccessToken::Pin() const
  230. {
  231. return m_sPin;
  232. }
  234. // Predicates
  235. bool
  236. AccessToken::PinIsCached() const
  237. {
  238. DWORD cbPin;
  239. DWORD dwError = PinCacheQuery(m_hpc, 0, &cbPin);
  240. bool fIsCached = (0 != cbPin);
  242. return fIsCached;
  243. }
  245. // Static Variables
  247. /////////////////////////// PROTECTED /////////////////////////////////
  249. // C'tors/D'tors
  250. // Operators
  251. // Operations
  252. // Access
  253. // Predicates
  254. // Static Variables
  257. /////////////////////////// PRIVATE /////////////////////////////////
  259. // C'tors/D'tors
  260. // Operators
  261. // Operations
  263. DWORD
  264. AccessToken::ChangeCardPin(PPINCACHE_PINS pPins,
  265. PVOID pvCallbackCtx)
  266. {
  267. AccessToken *pat = reinterpret_cast<AccessToken *>(pvCallbackCtx);
  268. DWORD dwError = ERROR_SUCCESS;
  270. EXCCTX_TRY
  271. {
  272. pat->ClearException();
  274. SecureArray<BYTE> blbPin(pPins->pbCurrentPin, pPins->cbCurrentPin);
  275. SecureArray<BYTE> blbNewPin(pPins->pbNewPin, pPins->cbNewPin);
  276. pat->m_hcardctx->Card()->ChangePIN(blbPin,
  277. blbNewPin);
  278. }
  280. EXCCTX_CATCH(pat, false);
  282. if (pat->Exception())
  283. dwError = E_FAIL;
  285. return dwError;
  286. }
  288. DWORD
  289. AccessToken::VerifyPin(PPINCACHE_PINS pPins,
  290. PVOID pvCallbackCtx)
  291. {
  292. AccessToken *pat = reinterpret_cast<AccessToken *>(pvCallbackCtx);
  293. DWORD dwError = ERROR_SUCCESS;
  295. EXCCTX_TRY
  296. {
  297. pat->ClearException();
  299. SecureArray<BYTE> blbPin(pPins->pbCurrentPin, pPins->cbCurrentPin);
  300. DoAuthenticate(pat->m_hcardctx, blbPin);
  301. }
  303. EXCCTX_CATCH(pat, false);
  305. if (pat->Exception())
  306. dwError = E_FAIL;
  308. return dwError;
  310. }
  312. // Access
  313. // Predicates
  314. // Static Variables